launchpad-reviewers team mailing list archive

[John Chittum <mp+482782@xxxxxxxxxxxxxxxxxx>]

John Chittum has proposed merging ~jchittum/launchpad-buildd:oci-docker-ppa-pin into launchpad-buildd:master.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)
Related bugs:
  Bug #2098106 in docker.io-app (Ubuntu): "Launchpad OCI builds are failing after the docker.io-app SRU update to 26.x on Focal"
  https://bugs.launchpad.net/ubuntu/+source/docker.io-app/+bug/2098106

For more details, see:
https://code.launchpad.net/~jchittum/launchpad-buildd/+git/launchpad-buildd/+merge/482782

1. the PPA is still building/publishing ppcel64. Do not merge until ppcel64 is available
2. I have a concern about possible leaking of the PPA, but lack context. This is being installed into the lxd backend container  used for the build. what i'm unfamiliar with is the isolation between lxd container running the build and the build context (chroot?). If there is a chance of sources.list being made available to the OCI being built, adding the following lines after installing docker.io

* apt-mark pin docker.io
* rm /etc/apt/source.list.d/canonical-server-ubuntu-lp2098106-docker-rollback-focal.list

3. I am operating under the assumption that the build  backend (lxd) is  ephemeral and fully removed between builds on a node. I'm reasonably sure this is true. Any reuse of this install will cause long term problems due to the epoch versioning. 


example policy statement in an amd64 vm

root@focal-ppa-24-docker:~# apt-cache policy docker.io
docker.io:
  Installed: (none)
  Candidate: 1:24.0.7-0ubuntu2~20.04.1
  Version table:
     1:24.0.7-0ubuntu2~20.04.1 500
        500 http://ppa.launchpad.net/canonical-server/lp2098106-docker-rollback/ubuntu focal/main amd64 Packages
     26.1.3-0ubuntu1~20.04.1 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages
     20.10.21-0ubuntu1~20.04.2 500
        500 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages
     19.03.8-0ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~jchittum/launchpad-buildd:oci-docker-ppa-pin into launchpad-buildd:master.

diff --git a/lpbuildd/target/build_oci.py b/lpbuildd/target/build_oci.py
index dabb7d7..486778f 100644
--- a/lpbuildd/target/build_oci.py
+++ b/lpbuildd/target/build_oci.py
@@ -79,15 +79,18 @@ class BuildOCI(
             self._add_docker_engine_proxy_settings()
         deps.extend(self.vcs_deps)
         self.backend.run(["apt-get", "-y", "install"] + deps)
-        # XXX tushar5526 2025-02-14: Pin docker.io version to 20.x for OCI
-        # builds after recent SRU update that bumped the version to 26.x.
-        # This is placed temporarily until we add support for OCI compliant
-        # layout added in 26.x
+        # XXX jchittum: pin docker.io to last known working version
+        # provided by the Ubuntu Server team via a PPA
+        # the PPA version contains an epoch, and will sort higher in version
+        # to the archive. To revert, simply delete the addition of the PPA
+        # The PPA only contains docker.io.
         # For more info: https://bugs.launchpad.net/launchpad/+bug/2098106
         self.backend.run(
-            ["apt-get", "-y", "install", "docker.io=20.10.21-0ubuntu1~20.04.2"]
+            ["add-apt-repository", "-y", "ppa:canonical-server/lp2098106-docker-rollback"]
+        )
+        self.backend.run(
+            ["apt-get", "-y", "install", "docker.io"]
         )
-        self.backend.run(["apt-mark", "hold", "docker.io"])
         if self.backend.supports_snapd:
             self.snap_store_set_proxy()
         self.backend.run(["systemctl", "restart", "docker"])